I'm returning to Gentoo after a few years out of the Linux world (I quit when GNOME killed its version 2). I'm wondering... when you're updating your system, is it wise to ALSO update dependencies?

I'm a Windows dev. Let's say that we have an app named myApp.exe which depends on myDependency.dll. If I update myDependency.dll from version 1 to version 2, that update may break myApp.exe, because maybe the internal API of myDependency has changed.

What I'm saying is, the installer of myApp.exe should be the one in charge of updating myDependency.dll, not me, because if I update the .dll myself I may break the app.

So, if myApp were a Linux app, I think that I should *ONLY* update myApp, and Portage in turn should decide IF it needs to update its dependencies too.

Am I right? I'm looking at this from a Windows point of view. Maybe in Linux it doesn't work like that. Can someone please help me understand this?

Thanks! And sorry for my bad English.

That is how it usually works, yes. For that to be smooth, make sure that your 'world' file has primarily only applications, not libraries that will be pulled by dependencies when you update the applications.

And if the libraries are updated, it is always prudent to run revdep-rebuild to check if anything got broken and rebuild it.
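The world-file advice above can be turned into a quick check. This is an added example, not part of the thread: it lists entries in a world file whose category looks like a library. The category list is an assumption of the example (a heuristic), and the sample world file is constructed.

```shell
#!/bin/sh
# Flag world-set entries that look like libraries (heuristic by category).
# On Gentoo the world file is /var/lib/portage/world, one atom per line.

# Categories treated as "library-like": an assumption of this example.
LIB_CATEGORIES='dev-libs media-libs sys-libs net-libs x11-libs'

# world_libs FILE: print atoms in FILE whose category is library-like.
world_libs() {
    while IFS= read -r atom || [ -n "$atom" ]; do
        # Skip blank lines and comments.
        case "$atom" in ''|'#'*) continue ;; esac
        category=${atom%%/*}
        for lib_cat in $LIB_CATEGORIES; do
            if [ "$category" = "$lib_cat" ]; then
                printf '%s\n' "$atom"
                break
            fi
        done
    done < "$1"
}

# Constructed sample world file so the example runs on any machine.
sample_world() {
    cat <<'EOF'
app-editors/vim
dev-libs/openssl
www-client/firefox
media-libs/libpng:0
sys-apps/portage
EOF
}

# Demo on the constructed sample; on a real system pass /var/lib/portage/world.
tmp=$(mktemp)
sample_world > "$tmp"
world_libs "$tmp"
rm -f "$tmp"
```

An entry flagged here can be dropped from the world set without uninstalling it using `emerge --deselect <atom>`, after which Portage treats it purely as a dependency.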

Correct. During an update, if a package you've specifically installed (member of world set, in other words) needs a newer version of a dependency, the dependency will be updated automatically. There are other nuances, but no manual updates are required.

- John
_________________
I can confirm that I have received between 0 and 999 National Security Letters.

I think not a lot of people know that...

Why is everyone running emerge -uDav if emerge --update --ask world is safer and less risky for the stability of the system?

I think there should be a "Portage best practices" page on the wiki. There's a lot of myth and black magic floating around about how to do things with Portage. If I had the knowledge on the subject I would write it myself.
_________________
On Microsoft CDs, played backwards you hear a satanic message. That's not the worst part: played forwards, it installs Windows.

You clearly should update the dependencies! (and run revdep-rebuild afterwards)
Because this is actually what gets tested during the stabilization of a package!
A newer lib means that you test all stable packages with a dependency on that lib.
So it would be wise for security reasons to also update dependencies and not just the required ones, as all the stable packages should run against it! If not, then please file a bug!
Furthermore, if you only update the world, it could happen that you install an app that runs against the current stable lib, but not with the one you've still got from the install 3 years ago... As stable gets tested against current stable and not all ancient versions...

Although all of that is true, stating it like that implies that it doesn't happen unless you take some special action. In fact, the reverse is true: you have to take special action to avoid the called-for updates of dependencies. (Cyberstudio, I'm not even going to tell you what the special action is. If you really must know, the emerge man page will elucidate.)

All of this happens automatically during a routine update for exactly the reasons nativemad cites: if there's a known security issue, the Gentoo developers will update the Portage tree to force the update of the vulnerable package.

- John

Thanks nativemad, sounds very logical to me. That was the part that I was missing.

OK, so the consensus is that it's not "Obligatory" to do so, but it's "Ideal"?